What's New in Windows Filtering Platform
Windows 8 and Windows Server 2012 introduce new Windows Filtering Platform programming elements. New functionality includes the following:
- Layer 2 filtering: Provides access to the L2 (MAC) layer, allowing filtering of traffic at that layer.
- vSwitch filtering: Allows packets traversing a vSwitch to be inspected and/or modified. WFP filters or callouts can be used at the vSwitch ingress and egress.
- App container management: Allows access to information about app containers and network isolation connectivity issues.
- IPsec updates: Extended IPsec functionality including connection state monitoring, certificate selection, and key management.
The Windows Driver Kit also includes information on WFP Changes for Windows 8.
Windows 8 API updates
Many new APIs have been added for Windows 8 and Windows Server 2012.
New functions
- FWPM_NET_EVENT_CALLBACK1
- FwpmConnectionCreateEnumHandle0
- FwpmConnectionDestroyEnumHandle0
- FwpmConnectionEnum0
- FwpmConnectionGetById0
- FwpmConnectionGetSecurityInfo0
- FwpmConnectionSetSecurityInfo0
- FwpmConnectionSubscribe0
- FwpmConnectionSubscriptionsGet0
- FwpmConnectionUnsubscribe0
- FwpmIPsecTunnelAdd2
- FwpmNetEventEnum2
- FwpmNetEventSubscribe1
- FwpmProviderContextAdd2
- FwpmProviderContextEnum2
- FwpmProviderContextGetById2
- FwpmProviderContextGetByKey2
- FwpmvSwitchEventsGetSecurityInfo0
- FwpmvSwitchEventsSetSecurityInfo0
- FwpmvSwitchEventSubscribe0
- FwpmvSwitchEventUnsubscribe0
- IkeextSaEnum2
- IkeextSaGetById2
- IPSEC_KEY_MANAGER_KEY_DICTATION_CHECK0
- IPSEC_KEY_MANAGER_DICTATE_KEY0
- IPSEC_KEY_MANAGER_NOTIFY_KEY0
- IPSEC_SA_CONTEXT_CALLBACK0
- IPsecKeyManagerAddAndRegister0
- IPsecKeyManagerGetSecurityInfoByKey0
- IPsecKeyManagerSetSecurityInfoByKey0
- IPsecKeyManagersGet0
- IPsecKeyManagerUnregisterAndDelete0
- IPsecSaContextSubscribe0
- IPsecSaContextSubscriptionsGet0
- IPsecSaContextUnsubscribe0
- NetworkIsolationDiagnoseConnectFailureAndGetInfo
- NetworkIsolationEnumAppContainers
- NetworkIsolationEnumerateAppContainerRules
- NetworkIsolationFreeAppContainers
- NetworkIsolationGetAppContainerConfig
- NetworkIsolationRegisterForAppContainerChanges
- NetworkIsolationSetAppContainerConfig
- NetworkIsolationSetupAppContainerBinaries
- PAC_CHANGES_CALLBACK_FN
New structures
- IKEEXT_AUTHENTICATION_METHOD2
- IKEEXT_CERT_EKUS0
- IKEEXT_CERT_NAME0
- IKEEXT_CERTIFICATE_AUTHENTICATION2
- IKEEXT_CERTIFICATE_CRITERIA0
- IKEEXT_EM_POLICY2
- IKEEXT_KERBEROS_AUTHENTICATION1
- IKEEXT_POLICY2
- IPSEC_KEY_MANAGER0
- IPSEC_KEY_MANAGER_CALLBACKS0
- IPSEC_KEYING_POLICY1
- IPSEC_SA_CONTEXT_CHANGE0
- IPSEC_SA_CONTEXT_SUBSCRIPTION0
- IPSEC_TRANSPORT_POLICY2
- IPSEC_TUNNEL_ENDPOINT0
- IPSEC_TUNNEL_ENDPOINTS2
- IPSEC_TUNNEL_POLICY2
- FWPM_CONNECTION0
- FWPM_CONNECTION_ENUM_TEMPLATE0
- FWPM_CONNECTION_SUBSCRIPTION0
- FWPM_NET_EVENT2
- FWPM_NET_EVENT_CAPABILITY_ALLOW0
- FWPM_NET_EVENT_CAPABILITY_DROP0
- FWPM_NET_EVENT_CLASSIFY_ALLOW0
- FWPM_NET_EVENT_CLASSIFY_DROP2
- FWPM_NET_EVENT_CLASSIFY_DROP_MAC0
- FWPM_NET_EVENT_HEADER2
- FWPM_PROVIDER_CONTEXT2
- FWPM_VSWITCH_EVENT0
- FWPM_VSWITCH_EVENT_SUBSCRIPTION0
New enumerated types
- FWP_VSWITCH_NETWORK_TYPE
- FWPM_APPC_NETWORK_CAPABILITY_TYPE
- FWPM_CONNECTION_EVENT_TYPE
- FWPM_VSWITCH_EVENT_TYPE
- IKEEXT_CERT_CRITERIA_NAME_TYPE
- IPSEC_SA_CONTEXT_EVENT_TYPE0
New filtering layer identifiers
- FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET
- FWPM_LAYER_OUTBOUND_MAC_FRAME_ETHERNET
- FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE
- FWPM_LAYER_OUTBOUND_MAC_FRAME_NATIVE
- FWPM_LAYER_INGRESS_VSWITCH_ETHERNET
- FWPM_LAYER_EGRESS_VSWITCH_ETHERNET
- FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V4 / FWPM_LAYER_INGRESS_VSWITCH_TRANSPORT_V6
- FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V4 / FWPM_LAYER_EGRESS_VSWITCH_TRANSPORT_V6
New filtering condition identifiers
Filtering Condition Identifiers:
- FWPM_CONDITION_INTERFACE_MAC_ADDRESS
- FWPM_CONDITION_MAC_LOCAL_ADDRESS
- FWPM_CONDITION_MAC_REMOTE_ADDRESS
- FWPM_CONDITION_ETHER_TYPE
- FWPM_CONDITION_VLAN_ID
- FWPM_CONDITION_NDIS_PORT
- FWPM_CONDITION_NDIS_MEDIA_TYPE
- FWPM_CONDITION_NDIS_PHYSICAL_MEDIA_TYPE
- FWPM_CONDITION_L2_FLAGS
- FWPM_CONDITION_MAC_LOCAL_ADDRESS_TYPE
- FWPM_CONDITION_MAC_REMOTE_ADDRESS_TYPE
- FWPM_CONDITION_ALE_PACKAGE_ID
- FWPM_CONDITION_MAC_SOURCE_ADDRESS
- FWPM_CONDITION_MAC_DESTINATION_ADDRESS
- FWPM_CONDITION_MAC_SOURCE_ADDRESS_TYPE
- FWPM_CONDITION_MAC_DESTINATION_ADDRESS_TYPE
- FWPM_CONDITION_IP_SOURCE_PORT
- FWPM_CONDITION_IP_DESTINATION_PORT
- FWPM_CONDITION_VSWITCH_ID
- FWPM_CONDITION_VSWITCH_NETWORK_TYPE
- FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_ID
- FWPM_CONDITION_VSWITCH_DESTINATION_INTERFACE_ID
- FWPM_CONDITION_VSWITCH_SOURCE_VM_ID
- FWPM_CONDITION_VSWITCH_DESTINATION_VM_ID
- FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_TYPE
- FWPM_CONDITION_VSWITCH_TENANT_NETWORK_ID
New filtering condition flags
- FWP_CONDITION_FLAG_IS_PROXY_CONNECTION
- FWP_CONDITION_FLAG_IS_APPCONTAINER_LOOPBACK
- FWP_CONDITION_FLAG_IS_NON_APPCONTAINER_LOOPBACK
- FWP_CONDITION_FLAG_IS_HONORING_POLICY_AUTHORIZE
- FWP_CONDITION_L2_IS_NATIVE_ETHERNET
- FWP_CONDITION_L2_IS_WIFI
- FWP_CONDITION_L2_IS_MOBILE_BROADBAND
- FWP_CONDITION_L2_IS_WIFI_DIRECT_DATA
- FWP_CONDITION_L2_IS_VM2VM
- FWP_CONDITION_L2_IS_MALFORMED_PACKET
- FWP_CONDITION_L2_IS_IP_FRAGMENT_GROUP
- FWP_CONDITION_L2_IF_CONNECTOR_PRESENT
Windows 7 updates to the Windows Filtering Platform
The document What's New in Windows Filtering Platform details many of the updates made for Windows 7. Information is also available in the Windows Driver Kit on WFP Changes for Windows 7.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for